Sim Swap Scam

Sushubh

Administrator
[OP]
Oct 29, 2004
420,556
13,129
Gurugram


This is pretty freaky. Recently when I got the Redmi 3s Prime for dad, I had to get his SIM changed. Vodafone Store guy gave me a new SIM without any paperwork. Told me to send the SMS in this format to switch the connection from the old SIM to the new SIM. The process took less than 2 minutes. No verification from Vodafone. NOTHING.

This probably explains why operators are being forced to send this warning to their subscribers. They have made the process of SIM swap so easy that it is being abused by scammers. Just one SMS would hand over your mobile number to another person. And only god knows what he can do with it. Changing passwords of digital wallet accounts would be rather simple. Bank accounts would be slightly tough. I bet there are tens of other things that I cannot recollect right now.

This also means that one has to be extremely careful with their phones. Anyone can take over your mobile number if they can get hold of your phone for even a minute. To gain back your number, I assume you would need to run to a company outlet. Not sure if you can get your SIM blocked through a phone call to the customer support center.
 

Sushubh

UPI relying on OTP and debit card numbers is probably the reason. Your debit card details are easy to fetch if you use it over the counter at a retail store. And mobile cloning takes care of OTP.
 

Sushubh

To push for digital transactions, I guess this decision was made. People have a choice to not have an online banking account. But they have zero control over UPI and AePS. The smarter thing would have been to add a few manual steps in activation of both. But that would have hurt the adoption of these services, which would have hurt their ambitions to take on Visa and Mastercard. The common man suffers as a result of this.
 

Smh

Regulars
Nov 7, 2016
1,009
163
Airtel blocks SMS service for 24 or 48 hrs after SIM swap to prevent OTP frauds, but some services like Paytm have an option for call too. idk if Gmail and FB have this call option too for lost password.

No documentation is required because you need the original SIM to place the swap request, and if someone already has access to your original SIM then why swap/clone?
 


Sushubh

The core problem here is that OTP has replaced human verification. You can lose your phone. Someone who borrows your phone can misuse it. One of your family members can essentially impersonate you for these services at home with access to your phone. Your phone replaces your signature (or fingerprint in case of AePS).
 

Smh

Hmmm, but OTP is meant to be a two-factor authentication, not a replacement of your password or other authentication.
 

Sushubh

For UPI registration your debit card number is basically your username and OTP is your password. Not your ATM PIN. Not your online banking password.
And it is something that you cannot even deactivate on your account to the best of my knowledge. Same with AePS. One of the main reasons I do not like Aadhaar is that there is no opt out of AePS. I do not want my fingerprint to become superior to my signature for financial transactions.
 

Smh

That's the flaw in the design of UPI, which uses only OTP for verification, not as a 2-factor authentication.
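
The point argued across the thread (a card number plus an OTP is a single factor, and a code delivered to the SIM should not count right after a SIM change), sketched as a relying-party check. This is an added example, not part of any post; the credential names, the `Request` type and the operator-supplied `last_sim_change` signal are hypothetical, and the 48-hour window is the longer cooldown mentioned above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: use the longer of the two post-swap SMS blocks mentioned in the thread.
SIM_SWAP_COOLDOWN = timedelta(hours=48)

# Factor class of each credential (names are hypothetical). A debit card number is
# an identifier that is exposed at every shop counter, so it counts as no factor.
FACTOR_CLASS = {
    "card_number": None,
    "atm_pin": "knowledge",
    "netbanking_password": "knowledge",
    "sms_otp": "possession",
    "voice_otp": "possession",  # a call reaches whoever holds the SIM, like an SMS
}
SIM_BOUND = {"sms_otp", "voice_otp"}


@dataclass
class Request:
    credentials: set
    now: datetime
    last_sim_change: Optional[datetime]  # hypothetical signal from the operator


def evaluate(req):
    """Return (allowed, reasons) for a registration or password-reset request."""
    recent_swap = (req.last_sim_change is not None
                   and req.now - req.last_sim_change < SIM_SWAP_COOLDOWN)
    classes, reasons = set(), []
    for cred in sorted(req.credentials):
        cls = FACTOR_CLASS.get(cred)
        if cls is None:
            reasons.append(f"{cred}: identifier or unknown, not a factor")
        elif cred in SIM_BOUND and recent_swap:
            reasons.append(f"{cred}: ignored, SIM changed within cooldown")
        else:
            classes.add(cls)
    if len(classes) < 2:
        reasons.append(f"only {len(classes)} independent factor class(es)")
    return len(classes) >= 2, reasons


if __name__ == "__main__":
    now = datetime(2017, 1, 10, 12, 0)  # constructed timestamps
    swapped = now - timedelta(hours=2)
    print(evaluate(Request({"card_number", "sms_otp"}, now, None)))
    print(evaluate(Request({"atm_pin", "voice_otp"}, now, swapped)))
```

The second case shows why a voice-call fallback has to share the SMS cooldown: both deliveries follow the SIM.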